Fedora Linux Security is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
- Fedora 43 libpng Addresses Medium Severity Memory Bug CVE-2026-34757 on June 2, 2026 at 1:11 am
updated to 1.6.58. 1.6.58 is released with a fix for a simple correctness bug (not a security issue) this time: png_get_PLTE() returns stale palette data when either gamma correction or alpha-compositing is the only transform applied. Like the issues addressed in the previous release, this bug was a regression introduced in the
- Fedora 43 VIM Important Command Injection Fix Advisory 2026-75b5ddf8c3 on June 2, 2026 at 1:11 am
keep GTK4 in rawhide for now; switch to GTK4 for GVim; Fix CVE-2026-46483
- Fedora 43 perl-Catalyst-Plugin-Authentication Key Timing Attack Patch on June 2, 2026 at 1:11 am
Catalyst::Plugin::Authentication versions through 0.10024 for Perl are susceptible to timing attacks since these versions use Perl’s built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash or password. Version 0.10026 of the module fixes this issue.
- Fedora 43 addresses severe remote code execution vulnerabilities in Unbound on June 2, 2026 at 1:11 am
Update to 1.25.1 (rhbz#2480119). Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fedora 43 Dovecot Suffering from Moderate DoS Info Disclosure Issues on June 2, 2026 at 1:11 am
CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe. CVE-2026-33603: auth: CRAM-SHA-*-PLUS channel binding could be faked. MITM attacker with a certificate trusted by the client could have bypassed the requirement for channel binding. CVE-2026-40020: IMAP folders can be shared-spammed to everyone.
- Fedora 43 Postfix Critical Buffer Over-read Fix Advisory 2026-e9fc21d7e2 on June 2, 2026 at 1:11 am
This is an update fixing CVE-2026-43964.
- Fedora 44 FreeIPA Important Samba Remote Code Exec Fix 2026-7567819345 on June 2, 2026 at 12:55 am
Update to Samba 4.24.3 – Security fix for CVE-2026-4480, CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238
- Fedora 44 Samba 4.24.3 Security Update Remote Code Execution CVE-2026-7567 on June 2, 2026 at 12:55 am
Update to Samba 4.24.3 – Security fix for CVE-2026-4480, CVE-2026-2340, CVE-2026-3012, CVE-2026-1933, CVE-2026-4408, and CVE-2026-3238
- Fedora 44 hplip Critical Fix for Arbitrary Code Execution 2026-df2e96fe77 on June 2, 2026 at 12:54 am
Update to 3.26.4, fixes CVE-2026-8631, CVE-2026-8632






